Syntax of RACF commands and operands

This publication describes the syntax and function of the RACF® commands. The commands are presented in alphabetical order. Each command description contains several examples.

For the key to the symbols used in the command syntax diagrams, see Figure 1.
Figure 1. Key to symbols in command syntax diagrams
   
  1. UPPERCASE LETTERS or WORDS must be coded as they appear in the syntax diagrams but do not have to be uppercase.
  2. Lowercase letters or words represent variables for which you must supply a value.
  3. Parentheses ( ) must be entered exactly as they appear in the syntax diagram.
  4. An ellipsis ... (three consecutive periods) indicates that you can enter the preceding item more than once.
  5. A single item in brackets [ ] indicates that the enclosed item is optional. Do not specify the brackets in your command.
  6. Stacked items in brackets [ ] indicate that the enclosed items are optional. You can choose one or none. Do not specify the brackets in your command.
  7. Stacked items in braces { } indicate that the enclosed items are alternatives. You must specify one of the items. Do not specify the braces in your command.
    Note: When you select a bracket that contains braces, you must specify one of the alternatives enclosed within the braces.
  8. Items separated by a vertical bar | indicate that you can specify only one of the items. Do not specify the vertical bar in your command.
  9. An underlined operand indicates the default value when no alternate value is specified.
  10. BOLDFACE or boldface indicates information that must be given for a command.
  11. Single quotation marks ' ' indicate that information must be enclosed in single quotation marks.

The syntax for all occurrences of the userid, group-name, password, class-name, profile-name, volume-serial, terminal-id, date, and data-set-name operands in this book is as follows:

userid
1 - 8 alphanumeric characters. The user ID can consist entirely of numbers and need not begin with any particular character.

For TSO users who are defined to RACF, the user ID cannot exceed seven characters and must begin with an alphabetic, # (X'7B'), $ (X'5B'), or @ (X'7C') character.

group-name
1 - 8 alphanumeric characters beginning with an alphabetic, # (X'7B'), $ (X'5B'), or @ (X'7C') character. (You can set the default prefix to a group name only if the group name contains 1 - 7 characters. If the group name has 8 characters, you must always enter fully-qualified group data set names on the commands.
password
1 - 8 alphanumeric characters. Each installation can define its own password syntax rules. Lowercase alphanumeric characters are valid and maintained in the case entered if SETROPTS PASSWORD(MIXEDCASE) is in effect. Some additional symbolic characters are valid if SETROPTS PASSWORD(SPECIALCHARS) is in effect.
class-name
Valid class names are USER, GROUP, DATASET, and those classes defined in the class descriptor table.

The entries supplied by IBM® in the class descriptor table are listed in Supplied RACF resource classes.

profile-name
Either a discrete name or a generic name, as described in Naming considerations for resource profiles.
terminal-id
1 - 8 alphanumeric characters.
volume-serial
1 - 6 alphanumeric characters.
date
RACF interprets dates as 20yy when the year is less than 71, and 19yy when the year is 71 or higher.
data-set-name
The RACDCERT commands use the data set naming convention on z/OS, where quotation marks are optional. If the data set name is not enclosed in quotation marks, the TSO login ID is prefixed to the data set name. If you surround the data set name in quotation marks, the syntax can be clearer and more specific. Therefore, quotation marks are encouraged and are used in the code samples that are provided.